[kernel] r11037 - in dists/etch/linux-2.6: . debian debian/patches/bugfix debian/patches/bugfix/all/vserver debian/patches/series
Bastian Blank
waldi at alioth.debian.org
Fri Apr 4 09:25:44 UTC 2008
Author: waldi
Date: Fri Apr 4 09:25:42 2008
New Revision: 11037
Log:
Merge /dists/etch-security/linux-2.6 (2.6.18.dfsg.1-18etch1).
Added:
dists/etch/linux-2.6/debian/patches/bugfix/all/vserver/proc-link-security.patch
dists/etch/linux-2.6/debian/patches/bugfix/vmsplice-security.patch
dists/etch/linux-2.6/debian/patches/series/18etch1
dists/etch/linux-2.6/debian/patches/series/18etch1-extra
Modified:
dists/etch/linux-2.6/ (props changed)
dists/etch/linux-2.6/debian/changelog
Modified: dists/etch/linux-2.6/debian/changelog
==============================================================================
--- dists/etch/linux-2.6/debian/changelog (original)
+++ dists/etch/linux-2.6/debian/changelog Fri Apr 4 09:25:42 2008
@@ -13,6 +13,16 @@
-- dann frazier <dannf at debian.org> Thu, 03 Apr 2008 16:22:55 -0600
+linux-2.6 (2.6.18.dfsg.1-18etch1) stable-security; urgency=high
+
+ * bugfix/vmsplice-security.patch
+ [SECURITY] Fix missing access check in vmsplice.
+ See CVE-2008-0010, CVE-2008-0600
+ * bugfix/all/vserver/proc-link-security.patch
+ [SECURITY][vserver] Fix access checks for the links in /proc/$pid.
+
+ -- Bastian Blank <waldi at debian.org> Sun, 10 Feb 2008 18:37:05 +0100
+
linux-2.6 (2.6.18.dfsg.1-18) stable; urgency=high
[ Martin Michlmayr ]
Added: dists/etch/linux-2.6/debian/patches/bugfix/all/vserver/proc-link-security.patch
==============================================================================
--- (empty file)
+++ dists/etch/linux-2.6/debian/patches/bugfix/all/vserver/proc-link-security.patch Fri Apr 4 09:25:42 2008
@@ -0,0 +1,11 @@
+--- linux-2.6.22/kernel/ptrace.c 2007-07-09 13:20:03 +0200
++++ linux-2.6.22-vs2.2.0-rc5/kernel/ptrace.c 2007-06-15 04:28:02 +0200
+@@ -145,6 +146,8 @@ static int may_attach(struct task_struct
+ dumpable = task->mm->dumpable;
+ if (!dumpable && !capable(CAP_SYS_PTRACE))
+ return -EPERM;
++ if (!vx_check(task->xid, VX_ADMIN|VX_IDENT))
++ return -EPERM;
+
+ return security_ptrace(current, task);
+ }
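Review bot: The added `vx_check(task->xid, VX_ADMIN|VX_IDENT)` test in may_attach has no comment, and the patch file has no description header, so nothing in it ties this ptrace-side check to the /proc/$pid link problem named in the changelog. I would add above the test something like `/* vserver: only the admin context or the task's own context may attach */` (wording to be confirmed against the vx_check flag semantics), plus a short header in the patch file giving its origin and the problem it fixes. The inner hunk header `-145,6 +146,8` and the linux-2.6.22 paths suggest the hunk was cut from a larger vserver diff, so it is worth confirming that it applies to the 2.6.18 etch tree without fuzz and that the declaration of vx_check is already in scope in kernel/ptrace.c. may_attach begins outside the hunk, so the checks that precede this one are not visible here.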
Added: dists/etch/linux-2.6/debian/patches/bugfix/vmsplice-security.patch
==============================================================================
--- (empty file)
+++ dists/etch/linux-2.6/debian/patches/bugfix/vmsplice-security.patch Fri Apr 4 09:25:42 2008
@@ -0,0 +1,28 @@
+diff --git a/fs/splice.c b/fs/splice.c
+index 684bca3..2d7e598 100644
+--- a/fs/splice.c
++++ b/fs/splice.c
+@@ -1122,6 +1122,11 @@ static int get_iovec_page_array(const struct iovec __user *iov,
+ size_t len;
+ int i;
+
++ if (!access_ok(VERIFY_READ, iov, sizeof(struct iovec))) {
++ error = -EFAULT;
++ break;
++ }
++
+ /*
+ * Get user address base and length for this iovec.
+ */
+@@ -1141,6 +1146,11 @@ static int get_iovec_page_array(const struct iovec __user *iov,
+ if (unlikely(!base))
+ break;
+
++ if (!access_ok(VERIFY_READ, base, len)) {
++ error = -EFAULT;
++ break;
++ }
++
+ /*
+ * Get this base offset and number of pages, then map
+ * in the user pages.
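Review bot: Both added `access_ok()` checks in get_iovec_page_array set `error = -EFAULT` and leave the loop with `break`, but the loop header and the function's return path are outside the hunk, so it cannot be confirmed from here what the caller sees when a later iovec entry fails after earlier ones were already mapped; that path deserves a look in the full function. The checks carry no comment, and the patch file does not say which of the two CVEs cited in the changelog each check addresses; a line such as `/* reject ranges outside the caller's address space before the pages are mapped */` above the second check and a short description header in the patch would make this auditable. As a style point, the neighbouring test is written `if (unlikely(!base))`, so the new error paths would read more consistently as `if (unlikely(!access_ok(VERIFY_READ, base, len))) {`.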
Added: dists/etch/linux-2.6/debian/patches/series/18etch1
==============================================================================
--- (empty file)
+++ dists/etch/linux-2.6/debian/patches/series/18etch1 Fri Apr 4 09:25:42 2008
@@ -0,0 +1 @@
++ bugfix/vmsplice-security.patch
Added: dists/etch/linux-2.6/debian/patches/series/18etch1-extra
==============================================================================
--- (empty file)
+++ dists/etch/linux-2.6/debian/patches/series/18etch1-extra Fri Apr 4 09:25:42 2008
@@ -0,0 +1 @@
++ bugfix/all/vserver/proc-link-security.patch *_vserver *_xen-vserver